Linked by Thom Holwerda on Mon 5th Sep 2011 22:26 UTC
Privacy, Security, Encryption So, people from within Iran have hacked the Dutch company DigiNotar, allowing them to issue fake certificates so they could listen in on Iranian dissidents and other organisation within Iran. This is a very simplified version of the story, since it's all quite complicated and I honestly don't even understand all of it. In any case, DigiNotar detected the intrusion July 19, but didn't really do anything with it until it all blew up in their face this past week. Now, the Dutch government has taken over operational management of DigiNotar... But as a Dutch citizen, that doesn't really fill me with confidence, because, well - whenever the Dutch government does anything even remotely related to IT technology, they mess it up. And mess it up bad.
Permalink for comment 488658
To read all comments associated with this story, please click here.
Bill Shooter of Bul
Member since:
2006-07-14

You raise some good points. I would be in favor of a better system that wouldn't allow any trusted CA to issue a cert for any site.

Given the current system that we have, the best bet is to restrict the number of CA's that you trust.

Reply Parent Score: 2